Ramblings Of A Web Guy
Brian Moon

What to do in the Bay Area?

So, as I said before, I will be at the MySQL Conference next week.  I am renting a car this year so I don't have to wait on cabs or deal with them at all.  So, I am mobile and being from a modern Southern US city, used to driving 30 minutes just to go to dinner.  So, where should we go?  Anything good in San Jose?  Should I go all the way to San Francisco?  I am willing to go where ever.  Help me locals, you are my only hope!

2008 MySQL Conference

In just two weeks I will be heading to the 2008 MySQL Conference.  I will be speaking this year.  My two talks are:

MySQL Hacks and Tricks to Make Phorum Fast
04/16/2008  4:25pm PDT Room: Ballroom A

From One Server to a Cluster
04/16/2008  5:15pm PDT Room: Ballroom C

I have to pull back to back talks.  *PHEW* I hope I can hold up.  To make it worse, they did not put me in the same room. If I remember right though, those are really close to each other.

Of course, the Phorum team will be in the Expo Hall in the DotOrg pavilion.  Just look for the big dog.

Big Dog

Forums are the red headed step child of a web site

I have seen it time and time again. And yet, every time, it irritates me to no end. You are on a professional web site. You are navigating around and at some point you hit the link for their forums. And just like that you feel transported to another place. The whole site design just changes. Colors, layout, navigation... everything. Here are some examples, including the new C7Y site from php|Architect which inspired this post. (I really do love you guys on the podcast I promise =)

  • php|architect's C7Y - main site - forums

  • Zend's Developer Zone - main site - forums
    Zend's forums do at least use the Zend.com header, but you can't get to the forums from the main Zend.com site. You have to go to the Developer Zone.

  • TextPad (great windows editor) - main site - forums
    The header is kind of the same. Fonts and link colors change slightly though which is worse in some ways than a wholesale change. It looks like they just wedged in their HTML into the phpBB template.


I could continue to list some here, but you get the idea. So, what is the problem? Does most message board software make it too hard to edit their templates? Are forums an after thought and some underling is given the task to make them work and not allowed access to the main site's templates?

Some people do better at it. MySQL for example. Theirs is still not perfect. An ad awkwardly appears in the forums in a way that makes it look like an error. However, thanks to Phorum (cha-ching), MySQL was able to make their own log in system work with their forums. Heck, even at dealnews I have not done that. Mostly because our forum logins predate our site accounts for email alerts and newsletters. I am not asking for perfection though. I would just like to feel like the company/entitiy gave some love to making their forums part of their site and not an afterthought.

So, I call for all web sites to start treating their forums like real pages. Give them the same love and attention you give that front page or any other page. And, if your message board software makes that hard, give Phorum a try.

Speaking at MySQL Conference 2008

I had mentioned a while back that I submitted three proposals for the 2008 MySQL Conference.  Well, two were accepted.

From one server to a cluster

In the last 10 years, dealnews.com has grown from a single shared hosting account to an entire rack of equipment. Luckily, we started using PHP and MySQL very early in the company's history.

From the early days of growing a forum to surviving Slashdotting, Digging and even a Yahoo! front page mention, we have had to adapt both our hardware and software many times to keep up with the growth.

I will discuss the traps, bottlenecks, and even some big wins we have encountered along the way using PHP and MySQL. From the small scale to using replication and even some MySQL Cluster.  We have done many interesting things to give our readers (and our content team) a good experience when using our web site.

MySQL hacks and tricks to make Phorum fast

Phorum is the message board software used by MySQL. One reason they chose Phorum was because of its speed. We have to use some tricks and fancy SQL to make this happen. Things we will talk about in this session include:

  • Using temporary tables for good uses.

  • Why PHP and MySQL can be a bad mix with large data sets.

  • What mysqlnd will bring to the table with the future of PHP and MYSQL.

  • How Phorum uses full text indexing and some fancy SQL to make our search engine fast.

  • Forcing MySQL to use indexes to ensure proper query performance.


You can find my conference page here.  (as Terry would say, me, me, me!)

GoDaddy support is awful

Luckily, I don't have personal experience with them. But, based on the 2 to 3 users per week that come to the Phorum support forums and IRC, they have the worst support of any host on the internet.

Example 1

A user comes to the forums having trouble with his Phorum install. In the user's words, GoDaddy tells him "they couldnt help me costumize my scripts because it wasnt their job". In this case "customize" meant filling in the MySQL permissions into the Phorum config files. In the end, GoDaddy had to move him to a Linux hosting account. They claimed that the Windows hosting accounts do not support PHP. However, they are clearly wrong about their own hosting as this all started because the user received a PHP error about not connecting to MySQL.

Example 2

This user found that GoDaddy is using MySQL 4 on their servers. Their web site does not mention a version anywhere. So, users are locked in to a hosting plan before knowing this.

Example 3

This happened today in IRC. It was much like the first example. In this case, GoDaddy support told him "permissions are set via ftp". Um, MySQL permissions are set via FTP? The user had a MySQL server name. For some reason it did not exist. So, either he typed it wrong or they gave him the wrong server name. Either way, their support should recognize this and be able to help their clients.

Example 4

This is less a support issue and just plain crappy of them IMO. GoDaddy does not allow the creation of temporary tables. The Phorum search engine makes use of them to save lots of CPU and memory on the PHP side. Luckily for their users, Thomas felt sorry enough for them to make a module that used good old fashioned slow LIKE queries. So, that will work until their account is shut off because they have search queries clogging up the database servers.

So, if you are on GoDaddy, I feel for you. From where we sit, it really seems like they do not provide very good support. We end up having to support their users for things that GoDaddy should be able to answer.

How NOT to get support and how to turn the other cheek.

So, I checked my email this morning and found this jewel:
I might use Phorum if you brain deads knew how to upload or download your files via FTP. Your documentation has no order to it, its all a mess. I even dropped a release level to see if it was just that release. Ill give you a clue, DONT TRANSFER YOUR FILES VIA AUTO, EXPECIALY YOUR TXT FILES. TRANSFER THEM IN ASCII MODE ONLY, THIS INCLUDES YOUR PHP FILES. Then you just f---ing* MIGHT get readable files. Now you might say hey wait a min, we have full documentation on our web site, but you forget, someone has to open the sample.config.php file and read the crap that resides there.

* edited for content

Should I respond?  If so, how?  I decided to respond in as nice a way as I could.
 I normally don't answer direct support emails.  Neither do I normally answer very angry emails.  However, I view this as an educational experience.

Judging by your email, I would say you are using Notepad on Windows to edit and read files.  That is mistake number one.  Notepad only reads one file format: Windows text files.  Windows natively uses a CRLF for it's line endings.  It is the only operating system that does so. Notepad is the only application on the Windows platform that only reads that format.  If you would use Wordpad instead, this would not have been a problem for you.  For some reading on the subject, you may want to read:

http://en.wikipedia.org/wiki/Newline
http://www.cs.toronto.edu/~krueger/csc209h/tut/line-endings.html

Because PHP scripts are most commonly deployed on a Linux platform, the Unix line feed (LF or \n) is best for PHP applications.  Here are some suggestions for some great text editors for Windows.

TextPad - http://www.textpad.com/
Metapad - http://www.liquidninja.com/metapad/
PSPad   - http://www.pspad.com/en/

I hope this has helped educate you on the world of new lines and how real programming works.  In the future, a kind word in the forums would be much more appreciated than an email like this.  Not all people would be as kind as I am being and want to help you grow.

What do you think?  Should have just let this guy go?  Should have been as ugly to him as he was to me?

Responsible use of the $_REQUEST variable.

A recent thread split on the PHP Internals list has been about the use of the $_REQUEST variable. I have seen more than one person make the following logic mistake:

  1. I may get data via GET

  2. I may get data via POST

  3. Ah, I should use $_REQUEST as it will catch both.


There is a problem with that logic. Cookies! Cookies are also put ino $_REQUEST. In fact, they are put into $_REQUEST last. So, any data that was sent via GET or POST is overwritten by cookies of the same name.

When does this cause a problem? Well, let's say you have a script that has a form that asks for a user name. You call the field username. So, you are looking for that data in $_REQUEST. Unknown to you, another member of your team makes a cookie named username on a totally unrelated application. His cookie needs to be accessible from several parts of the site, so he assigned the cookie to the path /. So, now, when a user submits your form, the data comes in looking like this:

$_GET["username"] = "user input";
$_COOKIE["username"] = "Tom";
$_REQUEST["username"] = "Tom";


So, now you have bad data for the username you wanted. This becomes even more menacing when you start thinking about security issues like XSS or CRSF. As Stefan Esser, a strong PHP Security advocate, wrote in another reply to the thread:
Just imagine my example...

switch ($_REQUEST['action'])
{
case 'logout':
logout();
break;
...
}

When someone injects you a cookie like +++action=logout through an
XSS or through a feature like foobar.co.kr can set cookies for *.co.kr
(in FF atleast).
Then you CANNOT use the application anymore. This is a DOS. You cannot
defeat this problem except detecting and telling the user to delete his
cookies manually...

Yikes! So, now you have all kinds of problems with using $_REQUEST.

So, what is the best way to handle both GET and POST data? Well, here are a couple options.

Merge GET and POST data

You could use array_merge() to merge the $_GET and $_POST variables into one. I would use a new variable for this data. You can overwrite super globals. Some think it is a bad idea. I can't argue that it could cause confusion if you did this in an environment where several parts of the application are going to be using user input. If you do want to do this you could do the following.

$user_input = array_merge($_GET, $_POST);
// or overwrite $_REQUEST - not recommended
$_REQUEST = array_merge($_GET, $_POST);


Use GET OR POST, not both

I personally like to only use either $_GET or $_POST. I have very rarely seen a case where using both made sense.  I normally favor $_POST if it is set.

if(!empty($_POST)){
$user_input = $_POST;
} elseif {
$user_input = $_GET;
}


Now we have a save array that can be used and we know that the data only came from one place.

Charity for our little team?

I don't often beg for stuff, but this is not for me per se.  The Phorum team is raising money to get all of our team (all 3 of us) to Santa Clara for MySQL Conference.  We will be part of the DotOrg Pavilion again this year.  We thank MySQL for inviting us.  We just about have all we need for that part of our fund raising.
We also have need of a new server.  We don't need much.  But, our old Celeron is feeling the pressure of all the new things we are doing with our documentation system.   This is where I am hoping some of you out there can help.  Surely somewhere, someone has a dual Xeon with an older raid card in it that they don't need anymore.  We do have a need for cpu power and for RAID.  We lost a hard drive a few years ago and while we had backups, it was a hassle.  We were down for days.  We have hosting (from my employer, dealnews), but I guess if the deal was right, I might consider it.  I do run my personal email and another hobby site on the server.  But, 90+% of the usage is for Phorum.

So, if anyone can help us out,  either with hardware or a donation, we thank you.  You can email me at brian@phorum.org.

Finally, Phorum 5.2 has made it to stable!

You can read the full announcement in the news post at phorum.org.

Summary:

When we officially started on 5.2 in March of 2006, we had several goals. I think we achieved most of those. We also accomplished some unplanned things. Our hackathon (me and maurice slept about 8 hours in 4 days I think) at MySQL Conference 2007 helped a lot. Remember, you can help us get there again by donating to our fund.

Some highlitghts:

New Template
New API layers and more hooks
Better MySQL support
Improved bundled modules
New announcement system
New Search, inside and out

In addition to all this, there are things like more caching options, the new hybrid read view, the new feed options (the feed code was rewritten from scratch) and better error messages so that users are less confused.

We hope you all enjoy Phorum 5.2. It is the next step for this project that is over 10 years old now. And please, keep making Phorum all your own.

Taking a moment to give thanks.

We are just passed the time of year when we give thanks (in the US anyway) and we are coming up on the time when we all try and be giving.  I feel like my last few blog posts have been a little too negative and want to make up for that.  So, I want to say thank you to some people for what I have in my professional world.

Daniel deGrandpre and Richard Moss, dealnews.com
I have known both these guys since I was a kid.  I was so excited when they offered me a full time job working on the internet.  I was in a Dilbert world and they rescued me.  Richard gave me the best recommendation I have ever heard.  I listed Richard as a reference for the job I had before dealnews.com.  The interviewer told me that when she asked Richard why she should hire me, he said "Because if I had the money, he would be working for me."  A year later, when I told her I was leaving she asked where I was going.   I happily told her, "Remeber that guy?  He has the money."  Thanks Dan and Rich.

Rasmus Lerdorf, Zeev Suraski, Andi Gutmans and other PHP contributors
I was coding Visual Basic when I found PHP.  It was really cool to write code that could make these web pages with such ease.  It made sense and did exactly what I needed it to do.  With each version it has gotten better.  Despite any conflicts on some mailing list, PHP and its community stays the best tool for the job.  Thanks to anyone that has ever helped with that.

Monty Widenius, Brian Aker, Jay Pipes and others at MySQL
Along side PHP has been MySQL all the way.  Early on it was msql, but that did not last long.  Like PHP, MySQL has endured criticism and scrutiny to remain the best too for the job.  It has also gotten better with every year and I feel honored to be a part of the MySQL community if only from the edge.  I even started pronounceing it right this year at MySQL Conference.  (It's my-s-q-l in case you didn't know)

Apache Foundation
There are lots of people in this group that have given time to make my professional life what it is today.  I was a little active in the community a few years back, but have had little personal experience with the Apache foundation recently.  I still appreciate everyone that has had a part in it.

Thomas Seifert and Maurice Makaay, my Phorum cohorts
Last but in no way least are these two guys.  I had some help here and there with Phorum for the first few years.  But, Thomas has been on the team since 2001.  He took Phorum to a new level by adding user logins and other things he needed.  Maurice has been with us as a user for a while and a team member for a few years now.  Like Thomas, he has brought Phorum up a level.  Besides help with Phorum, they are great friends and another resource I can tap for help when I am confused about things.